[Bug 2095497] Re: [MIR] ruby-base64
$ rmadison -u ubuntu -s plucky,plucky-proposed ruby-base64 ruby-base64 | 0.2.0-2 | plucky/universe | source, all $ ./change-override --component main --suite plucky --source-and-binary ruby-base64 Override component to main ruby-base64 0.2.0-2 in plucky: universe/misc -> main ruby-base64 0.2.0-2 in plucky amd64: universe/ruby/optional/100% -> main ruby-base64 0.2.0-2 in plucky arm64: universe/ruby/optional/100% -> main ruby-base64 0.2.0-2 in plucky armhf: universe/ruby/optional/100% -> main ruby-base64 0.2.0-2 in plucky i386: universe/ruby/optional/100% -> main ruby-base64 0.2.0-2 in plucky ppc64el: universe/ruby/optional/100% -> main ruby-base64 0.2.0-2 in plucky riscv64: universe/ruby/optional/100% -> main ruby-base64 0.2.0-2 in plucky s390x: universe/ruby/optional/100% -> main Override [y|N]? y 8 publications overridden. ** Changed in: ruby-base64 (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095497 Title: [MIR] ruby-base64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095497] Re: [MIR] ruby-base64
The same as in https://bugs.launchpad.net/ubuntu/+source/ruby-did-you- mean/+bug/1556608/comments/1 applies here. This does therefore not need re-review, it is in mismatches - setting the state accordingly. ** Changed in: ruby-base64 (Ubuntu) Status: New => In Progress ** Changed in: ruby-sinatra (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095497 Title: [MIR] ruby-base64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095497] Re: [MIR] ruby-base64
** Changed in: ruby-base64 (Ubuntu) Assignee: Renan Rodrigo (renanrodrigo) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095497 Title: [MIR] ruby-base64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095497] Re: [MIR] ruby-base64
** Description changed: + [Availability] + The package ruby-base64 is already in Ubuntu universe. + The package ruby-base64 build for the architectures it is designed to work on. + It currently builds and works for architectures: amd64 (all) + Link to package: https://launchpad.net/ubuntu/+source/ruby-base64 + + [Rationale] + ruby-base64 was provided by libruby itself until version 3.3.4. + However, in version 3.3.5-1 (https://launchpad.net/ubuntu/+source/ruby3.3) there was + a decision to stop using multiple ruby gems provided by the interpreter itself, relying + on the packaged version instead - the changelog says: + + ruby3.3 (3.3.5-1) unstable; urgency=medium + (...) + * debian/genprovides: move list of rejected provides to an external file + * Drop packages that are available standalone from Provides: + - base64 + - csv + - did_you_mean + - ipaddr + - json + - minitest + - power_assert + - psych + - test-unit + Their files are still shipped, but as far as dependency resolution is + concerned, the versions bundled with the Ruby interpreter won't be used + anymore. + + The ruby-sinatra package (in main) depends on ruby-base64 - so the latter + should be promoted to main. + An alternative would be to drop the rejection and keep the genprovides, but + base64 will be turned from a default to a bundled gem from the ruby stdlib in 3.4 + (https://bugs.ruby-lang.org/issues/19351), so this change will be needed in the + future anyway. + + The package ruby-base64 is required in Ubuntu main as soon as possible to + solve the component mismatch. + + [Security] + Checked all suggested links, no CVEs/security issues in this software in the past. + + I'm no security expert, but there are some points I could verify: + + - no `suid` or `sgid` binaries, no executables in `/sbin` and `/usr/sbin` (gem is a library) + - Package does not install services, timers or recurring jobs + - Packages does not open privileged ports (ports < 1024). + - Package does not expose any external endpoints + + [Quality assurance - function/usage] + The package works well right after install + + [Quality assurance - maintenance] + - The package is maintained well in Debian/Ubuntu/Upstream and does + not have any long-term & critical open bugs: + - Ubuntu https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug + - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-base64 + - Upstream https://github.com/ruby/base64/issues + + - The package does not deal with exotic hardware we cannot support + + [Quality assurance - testing] + The package runs a test suite on build time, if it fails it makes the build fail + link to build log: https://launchpadlibrarian.net/739887066/buildlog_ubuntu-oracular-amd64.ruby-base64_0.2.0-2_BUILDING.txt.gz + + autopkgtests-wise, debian/control has + Testsuite: autopkgtest-pkg-ruby + but there is no debian/tests folder + + [Quality assurance - packaging] + - debian/watch is present and works + - debian/control defines a correct Maintainer field + - This package does not yield massive lintian Warnings, Errors + -`lintian --pedantic` has no output and returns 0 + - Lintian overrides are not present + - This package does not rely on obsolete or about to be demoted packages. + - The package will not be installed by default + - Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/ruby-base64/tree/debian/rules + + [UI standards] + - Application is not end-user facing (does not need translation) + + [Dependencies] + - No further depends or recommends dependencies that are not yet in main + + [Standards compliance] + - This package correctly follows FHS and Debian Policy + + [Maintenance/Owner] + - I Suggest the owning team to be Ubuntu Server (not yet subscribed) + - This does not use static builds + - This does not use vendored code + - This package is not rust based + - The package has been built within the last 3 months in a PPA + - Build link on launchpad: https://launchpadlibrarian.net/777343308/buildlog_ubuntu-plucky-amd64.ruby-base64_0.2.0-2~ppa1_BUILDING.txt.gz + + [Background information] + - The Package description explains the package well + - Upstream Name is base64 + - Link to upstream project: https://github.com/ruby/base64 + + [ Original description ] TBD by ~ubuntu-server Upstream ruby-sinatra v3.2.0 introduce a new dependency on ruby-base64: https://salsa.debian.org/ruby-team/ruby- sinatra/-/blob/master/CHANGELOG.md?ref_type=heads This either needs to be dropped or the ruby-bas64 MIR needs to be handled. upstream change: https://github.com/sinatra/sinatra/pull/1946 ** Changed in: ruby-base64 (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095497 Title: [MIR] ruby-base64 To manage notifications about this bug go to: https://
[Bug 2095497] Re: [MIR] ruby-base64
- ruby-rack-protection, the binary, is built from the ruby-sinatra source - it's present and installable on plucky - it has the dependency on ruby-base64, both for the release version and the proposed version, and now that shows up in both mismatch reports So I think all is good and this MIR makes sense. On it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095497 Title: [MIR] ruby-base64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095497] Re: [MIR] ruby-base64
** Changed in: ruby-base64 (Ubuntu) Assignee: (unassigned) => Renan Rodrigo (renanrodrigo) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095497 Title: [MIR] ruby-base64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095497] Re: [MIR] ruby-base64
This shows up as a component-mismatch in the -proposed report (https://ubuntu-archive-team.ubuntu.com/component-mismatches- proposed.html) Interestingly, ruby-sinatra is not even in plucky-proposed. Another reverse-depends seems to be https://launchpad.net/ubuntu/+source/ruby- rack-protection, which exists only in Bionic and below, so not in Plucky either... Maybe something odd is happening with the component-mismatch reports? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095497 Title: [MIR] ruby-base64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
